<?php
   // ************************************************************************
   // **                                                                    **
   // **          This original software was designed and coded by          **
   // **                                                                    **
   // **                         David A. Goldsmith                         **
   // **                                                                    **
   // **                       dave106@wonderdave.com                       **
   // **                                                                    **
   // **                          March/April 2005                          **
   // **                         Revised April 2008                         **
   // **            Revised for Galileo High School, August 2009            **
   // **                                                                    **
   // ************************************************************************
?>


<html>
<title>Computer Lab Signup System Administration</title>

<link rel="stylesheet" href="LAB-Admin.css" type="text/css">

<center>
   <font color="#770000" size=5><b><u>Computer Lab Signup System Administration</u></b></font><br><br>
   <font color="#800080" size=4><b>Add / Edit / Delete User Accounts</b></font>
</center>
<br><br><br>


<script language="JavaScript" type="text/javascript">
   // Ask the administrator to confirm a permanent account removal.
   // Returns whatever confirm() returns: true for OK, false for Cancel.
   // This is only a convenience prompt in the browser; it is not an access control.
   function ConfirmDelete()
   {
      var Prompt = [
         'Are you sure that you want to permanently',
         'REMOVE this teacher\'s Lab Signup account?',
         '',
         '( OK = Yes    Cancel = No )'
      ].join('\n');

      return confirm(Prompt);
   }
</script>


<?php
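   // Configure.php is expected to supply the MySQL link that the queries below use as $DB.
   // NOTE(review): no login or administrator check is visible in this file; presumably Configure.php
   //  (or the web server) restricts who can reach this page -- confirm, because every action below
   //  adds, promotes or deletes accounts.
   include("Configure.php");


   // In case the "register_globals" PHP directive is off, make sure all of the passed form variables are accessible.
   // Each field is read through isset()/is_string() so that the first (non-POST) page load does not raise
   //  "undefined index" notices and an array-valued field (e.g. User[]=x) never reaches the string functions below.
   $Posted = array();
   foreach (array('DeleteTeacher', 'FirstName', 'LastName', 'NewUser', 'Submit', 'Superuser', 'User') as $Field)
      $Posted[$Field] = (isset($_POST[$Field]) && is_string($_POST[$Field])) ? $_POST[$Field] : '';

   // NOTE(review): $NewUser and $Superuser are the only fields escaped for SQL, and they are escaped on input
   //  rather than where the queries are built; the remaining fields rely on StripBadChars() further down.
   $DeleteTeacher  = $Posted['DeleteTeacher'];
   $FirstName      = $Posted['FirstName'];
   $LastName       = $Posted['LastName'];
   $NewUser        = mysql_real_escape_string($Posted['NewUser']);
   $Submit         = $Posted['Submit'];
   $Superuser      = mysql_real_escape_string($Posted['Superuser']);
   $User           = $Posted['User'];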


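   /**
    * Remove double quotes, single quotes and backslashes from a submitted form value.
    *
    * The values cleaned here are later placed inside single-quoted SQL literals and
    * single-quoted HTML attributes, so an apostrophe left in place would end the literal early.
    * Stripping is a coarse filter, not a replacement for escaping at the point of use:
    * characters such as < and > pass through unchanged.
    *
    * @param string $String  Raw form value.
    * @return string         The value with every ", ' and \ removed.
    */
   function StripBadChars($String)
   {
      // Written as single-character literals on purpose: "\'" inside double quotes is the two
      //  characters backslash + apostrophe in PHP, which would leave a bare apostrophe untouched.
      $BadChars = array('"', "'", '\\');

      return str_replace($BadChars, '', $String);
   }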


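   // A newly typed username takes precedence over one picked from the pulldown menu
   if ($NewUser)
      $User = $NewUser;


   // Strip away "bad" characters from the form variables that may have just been submitted
   $User = trim(StripBadChars($User));
   $FirstName = trim(StripBadChars($FirstName));
   $LastName = trim(StripBadChars($LastName));


   // Start from "not found / not in use" so that later code never reads these variables undefined
   //  when no username was submitted
   $Data1 = false;
   $NumRecords1 = 0;
   $NumRecords2 = 0;


   // See if a username has been entered
   if ($User)
   {
      // Escape where the value enters SQL instead of trusting the character stripping above;
      //  $User itself is left unchanged for display and for the hidden form field
      $UserSql = mysql_real_escape_string($User, $DB);


      // Determine if the username already exists in the "LabTeachers" table
      $Query1 = mysql_query("SELECT LastName, FirstName, Superuser FROM LabTeachers WHERE Username='$UserSql'", $DB);
      if ($Query1)
      {
         $Data1 = mysql_fetch_array($Query1);
         $NumRecords1 = mysql_num_rows($Query1);
      }


      // Determine if the username currently exists in the "LabSessions" table
      $Query2 = mysql_query("SELECT Username FROM LabSessions WHERE Username='$UserSql'", $DB);
      if ($Query2)
         $NumRecords2 = mysql_num_rows($Query2);


      // Determine if the username exists in any of the "LabSignups" tables for this week or a future week
      $Query3 = mysql_query("SELECT Room FROM Labs", $DB);

      // Determine the date of the Monday for this current week (or for the upcoming week, if it is now a weekend)
      $ThisFriday = date("Y-m-d 00:00:00", strtotime("this Friday"));
      $Date = date("Y-m-d", strtotime("last Monday", strtotime($ThisFriday)));

      while ($Query3 && ($Data3 = mysql_fetch_array($Query3)))
      {
         // NOTE(review): $Room is read from the "Labs" table and becomes part of a table name, where
         //  value escaping does not apply; confirm that room names are restricted to identifier
         //  characters wherever rooms are created.
         $Room = $Data3["Room"];
         $Query4 = mysql_query("SELECT Date FROM LabSignups$Room
                                WHERE (Date>='$Date') AND
                                      ((Signup1='$UserSql') OR (Signup2='$UserSql') OR (Signup3='$UserSql') OR
                                       (Signup4='$UserSql') OR (Signup5='$UserSql') OR (Signup6='$UserSql') OR
                                       (Signup7='$UserSql') OR (Signup8='$UserSql'))", $DB);
         if ($Query4)
            $NumRecords2 += mysql_num_rows($Query4);
      }
   }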


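   // See if a submission has been made of teacher information to be added/edited/deleted
   // NOTE(review): nothing checked here shows that the POST came from the form on this page (no
   //  per-session token is compared); confirm whether Configure.php provides such a check.
   if ($Submit)
   {
      // 0 = acceptable, 1 = a required field is missing, 2 = deletion requested but not permitted
      $Invalid = 0;

      // Results of the lookups made earlier in this script; absent means "not found" / "not in use"
      $TeacherExists = (isset($NumRecords1) && ($NumRecords1 > 0));
      $TeacherInUse  = (isset($NumRecords2) && ($NumRecords2 > 0));

      if ($DeleteTeacher)
      {
         // Deleting needs no name fields, but it must name an existing account that has no sessions and
         //  no current/future signups.  The form only shows the checkbox in that case; the same rule is
         //  enforced here because a hand-built POST can carry DeleteTeacher regardless of what the form showed.
         if (($User == "") or (! $TeacherExists) or $TeacherInUse)
            $Invalid = 2;
      }
      else if (($User == "") or ($FirstName == "") or ($LastName == ""))
         // The teacher information is NOT valid
         $Invalid = 1;

      if ($Invalid != 0)
         // Clearing $Submit makes the form be displayed again
         $Submit = "";

      if ($Invalid == 2)
         echo "<script language='JavaScript'>alert('This account cannot be deleted');</script>";

      if ($Invalid == 0)
      {
         // Escape every value where it enters SQL; the Superuser flag is reduced to the two values
         //  the form offers, so nothing else can be stored in that column
         $UserSql      = mysql_real_escape_string($User, $DB);
         $FirstNameSql = mysql_real_escape_string($FirstName, $DB);
         $LastNameSql  = mysql_real_escape_string($LastName, $DB);
         $SuperuserSql = ($Superuser == "Y") ? "Y" : "N";

         // The teacher information IS valid; add/update/delete the information to/in/from the "LabTeachers" table.
         // Exactly one statement runs, so a delete request never inserts a row first.
         if ($DeleteTeacher)
            $Query = mysql_query("DELETE FROM LabTeachers WHERE Username='$UserSql'", $DB);
         else if ($TeacherExists)
            $Query = mysql_query("UPDATE LabTeachers SET LastName='$LastNameSql', FirstName='$FirstNameSql', Superuser='$SuperuserSql'
                                  WHERE Username='$UserSql'", $DB);
         else
            $Query = mysql_query("INSERT INTO LabTeachers (Username, LastName, FirstName, Superuser)
                                  VALUES ('$UserSql', '$LastNameSql', '$FirstNameSql', '$SuperuserSql')", $DB);


         // Allow another set of teacher information to be added/edited/deleted
         echo "<script language='JavaScript'>alert('Database Updated');</script>";
         echo "<body onLoad=\"location.replace('EditTeacher.php')\">";
      }
   }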


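   if (! $User)
   {
      // A teacher's username has NOT been entered; set the focus to the appropriate object
      echo "<body onLoad='document.ContinueForm.NewUser.focus()'>";

      echo "<table align=center border=0 cellpadding=0 cellspacing=0>";
      echo "<form name='ContinueForm' method='post' action='EditTeacher.php'>";


      // Retrieve the teacher usernames from the "LabTeachers" table
      $Query = mysql_query("SELECT Username FROM LabTeachers ORDER BY Username", $DB);

      // Display a pulldown menu of all of the teacher usernames in the "LabTeachers" table
      echo "<td valign=top align=center><font face='Arial' size=3 color='#000000'>";
      echo "<b>Choose an existing username:</b></font><br><br>";

      echo "<select name='User'>";
      echo "<option selected>";
      while ($Query && ($Data = mysql_fetch_array($Query)))
      {
         // Stored usernames are data, not markup: encode them before they are written into the page.
         //  The browser decodes the entities again, so the submitted value is the original username.
         $TempUser = htmlspecialchars($Data["Username"], ENT_QUOTES);
         echo "<option>$TempUser";
      }
      echo "</select></td></center><br>";


      echo "<td valign=top align=center width=100><b><font face='Arial' size=3 color='#c00000'>OR</font></b></td>";


      echo "<td valign=top align=center height=120><b><font face='Arial' size=3 color='#000000'>";
      echo "Enter a new username:</font></b><br><br>";
      echo "<input type='text' name='NewUser' size=26 maxlength=25></td></tr>";


      echo "<tr><td colspan=3 align=center><input type='submit' name='Continue' value='Continue' ";
      echo "style='width:80px;font-weight:bold;color:#006000'> &nbsp; &nbsp; &nbsp; &nbsp; ";

      // Display a button that returns to the Main Menu
      echo "<input type='button' value='Return to Main Menu' ";
      echo "style='width:154px;font-weight:bold;color:#000090' ";
      echo "onClick=\"location.replace('AdminMenu.php')\">";
      echo "</td></tr>";
      echo "</form></table>";
   }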


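   if (($User) and (! $Submit))
   {
      // A teacher's username HAS been entered; if the username already exists in the "LabTeachers" table,
      //  retrieve the corresponding teacher's first and last name and superuser status
      if ($NumRecords1 > 0)
      {
         $FirstName = $Data1["FirstName"];
         $LastName  = $Data1["LastName"];
         $Superuser = $Data1["Superuser"];
      }


      // Set the focus to the appropriate object
      if (! $FirstName)
         echo "<body onLoad='document.EditTeacherForm.FirstName.focus()'>";
      else if (! $LastName)
         echo "<body onLoad='document.EditTeacherForm.LastName.focus()'>";
      else
         echo "<body onLoad='document.EditTeacherForm.Submit.focus()'>";


      // Everything written into the page below is either request data or data read back from the
      //  database, so it is HTML-encoded first.  ENT_QUOTES also encodes the apostrophe, which matters
      //  because the attributes below are delimited with single quotes.
      $UserHtml      = htmlspecialchars($User, ENT_QUOTES);
      $FirstNameHtml = htmlspecialchars($FirstName, ENT_QUOTES);
      $LastNameHtml  = htmlspecialchars($LastName, ENT_QUOTES);


      echo "<table align=center border=0 cellpadding=0 cellspacing=0>";
      echo "<form name='EditTeacherForm' method='post' action='EditTeacher.php'>";
      echo "<input type='hidden' name='User' value='$UserHtml'>";

      echo "<tr><td valign=top align=right height=50><b><font face='Arial' size=3 color='#000000'>";
      echo "Username:</font></b></td>";
      echo "<td width=10></td>";
      echo "<td valign=top><font size=4 color='#000090'><b>$UserHtml</b></font></td></tr>";

      echo "<tr><td valign=top align=right height=50><b><font face='Arial' size=3 color='#000000'>";
      echo "First Name:</font></b></td>";
      echo "<td width=10></td>";
      echo "<td valign=top><input type='text' name='FirstName' value='$FirstNameHtml' size=20 maxlength=20></td></tr>";

      echo "<tr><td valign=top align=right height=75><b><font face='Arial' size=3 color='#000000'>";
      echo "Last Name:</font></b></td>";
      echo "<td width=10></td>";
      echo "<td valign=top><input type='text' name='LastName' value='$LastNameHtml' size=20 maxlength=20></td></tr>";


      // Mark exactly one radio button as checked; "No" is the default unless the stored flag is "Y"
      $YesChecked = ($Superuser == "Y") ? " checked" : "";
      $NoChecked  = ($Superuser == "Y") ? "" : " checked";

      echo "<tr><td valign=top align=right height=50><b><font face='Arial' size=3 color='#c00000'>";
      echo "Superuser:</font></b></td>";
      echo "<td width=10></td>";
      echo "<td valign=top><input type='radio' name='Superuser' value='Y'$YesChecked>Yes &nbsp; &nbsp; &nbsp; &nbsp;";
      echo "<input type='radio' name='Superuser' value='N'$NoChecked>No</td></tr>";


      // Offer deletion only for an existing account with no sessions and no current/future signups.
      //  Hiding the checkbox is a display decision only; the handler that processes the POST has to
      //  apply the same rule itself.
      if (($NumRecords1 > 0) and ($NumRecords2 == 0))
      {
         echo "<tr><td colspan=3 align=center height=50>";
         echo "<input type='checkbox' name='DeleteTeacher' ";
         echo "onClick='if (checked) { return ConfirmDelete() }'>";
         echo "<b>Delete User</b></td></tr>";
      }


      // Display a button that saves the added/edited/deleted teacher information
      echo "<tr><td colspan=3 valign=bottom align=center height=50>";
      echo "<input type='submit' name='Submit' value='Save Information' ";
      echo "style='width:130px;font-weight:bold;color:#006000'> &nbsp; &nbsp; &nbsp; &nbsp; ";

      // Display a button that cancels any unsaved changes and restarts the add/edit/delete teacher information process
      echo "<input type='button' value='Cancel' ";
      echo "style='width:80px;font-weight:bold;color:#c00000' ";
      echo "onClick=\"location.replace('EditTeacher.php')\"> &nbsp; &nbsp; &nbsp; &nbsp; ";

      // Display a button that returns to the main menu (without saving any changes)
      echo "<input type='button' value='Return to Main Menu' ";
      echo "style='width:154px;font-weight:bold;color:#000090' ";
      echo "onClick=\"location.replace('AdminMenu.php')\">";
      echo "</td></tr>";
      echo "</form></table><br>";


      // $Invalid exists only when a submission was processed earlier in this request
      if (isset($Invalid) && ($Invalid == 1))
      {
         echo "<center><font face='Arial' size=5 color='#c00000'><b>";
         echo "Missing Information<br>";
         echo "</b></font></center>";
      }
   }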
?>


</body>

</html>
